package org.xq.shop.maxaishop.auth;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.xq.shop.maxaishop.service.impl.XqAdminServiceImpl;

/**
 * Security 核心配置类
 * EnableWebSecurity注解使得SpringMVC集成了Spring Security的web安全支持
 */
@EnableWebSecurity
@Configuration
//开启权限控制注解
@EnableGlobalMethodSecurity(prePostEnabled = true)//, securedEnabled = true
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //实例化UserServiceImpl
    @Autowired
    XqAdminServiceImpl xqAdminService;
    @Autowired
    private RsaKeyProperties prop; //公钥、私钥属性对象
    /**
     * 配置静态资源访问
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        //忽略静态资源的访问
        web.ignoring().antMatchers("/resources/**", "/css/**");
    }
    /**
     * Security 登录认证方法重写
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //使用内置的认证规则, 设置了密码加密
        auth.userDetailsService(xqAdminService).passwordEncoder(passwordEncoder());
    }
    /**
     * Security 授权方法配置
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //授权配置
        http.cors()// 跨域共享
                .and()
                .csrf().disable() // 设置跨域伪造请求限制无效
                .authorizeRequests() //下面是授权请求配置
                .antMatchers("/xqAdmin/**").permitAll()
                .antMatchers("/xqCustomer/**").permitAll()
                .antMatchers("/xqCommodity/**").permitAll()
                .antMatchers("/xqVcommodity/**").permitAll()
                .antMatchers("/xqVegeimg/**").permitAll()
                .antMatchers("/File/**").permitAll()
                .antMatchers("/xqCorder/**").permitAll()
                .antMatchers("/xqSpkie/**").permitAll()
                .antMatchers("/xqAddress/**").permitAll()
                .antMatchers("/xqColle/**").permitAll()
                .antMatchers("/swagger-ui*").permitAll()
                .antMatchers("/swagger*/**").permitAll()
                .antMatchers("/v2/**").permitAll()
                .antMatchers("/webjars/**").permitAll()
//            .antMatchers("/rjbRule/**").hasRole("ADMIN")
//            .antMatchers("/rjbOrderStatus/**").hasAnyRole("ADMIN", "GUEST")
                .anyRequest().authenticated() //任何请求都需要认证
                .and()
                // 添加JWT登录认证拦截器
                .addFilter(new TokenLoginFilter(super.authenticationManager(), prop))
                // 添加JWT鉴权拦截器
                .addFilter(new TokenVerifyFilter(super.authenticationManager(), prop))
                //由于使用了JWT，设置Session的创建策略为：Spring Security永不创建HttpSession 不使用HttpSession来获取SecurityContext
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        //开启记住我功能
//        http.rememberMe().rememberMeParameter("remeber");
    }
    //Security 默认加密工具类实例化
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}